Towards a sustainable solution to open source sustainability

A presentation at FOSS Backstage in February 2021 in by Tobie Langel

Slide 1

Slide 1

Towards a sustainable solution to open source sustainability Tobie Langel, Principal, UnlockOpen

Slide 2

Slide 2

Slide 3

Slide 3

The Heartbleed Bug

Slide 4

Slide 4

Heartbleed bug 💔 WHAT WAS HEARTBLEED? Critical vulnerability that affected the OpenSSL library in 2014. 🔐 WHAT IS OPENSSL? The OpenSSL library is responsible for securing network communications in UNIX systems. 🌍 WHY IS OPENSSL SO IMPORTANT? It powers the majority of internet servers.

Slide 5

Slide 5

Heartbleed bug impact 👩⚕ 4.5 MILLION The number of US patient records whose confidentiality was compromised. 💰 $500 MILLION Estimated cost to the industry.

Slide 6

Slide 6

Pivotal moment where tech industry realizes open source is: 🌏 UBIQUITOUS 2/3 of active sites on the Internet rely on the OpenSSL library. ⚠ CRITICAL OpenSSL encrypts private communications, bank transactions, medical records, etc. 💸 UNDERFUNDED Only 1 full-time maintainer, shoestring budget ($2k/year).

Slide 7

Slide 7

Slide 8

Slide 8

🔥 MAINTAINER BURNOUT Huge burden carried by maintainers and cost to their mental health. 🌊 OPENED THE FLOODGATES The community started speaking up about these issues. ♻ SUSTAINABILITY Open source sustainability took center stage. ❓ MULTIPLE RESPONSES This triggered a diverse set of response from different actors in the field.

Slide 9

Slide 9

🏭 INDUSTRY-WIDE EFFORT Organized by the Linux Foundation. Backed by tech giants. 💰 MULTI-MILLION $ FUND Administered by Linux Foundation and a steering group of industry experts. 🎯 GOAL Harden the security of key open source projects. 👓 STRICT FOCUS ON “CORE INFRA” The goal is to prevent a new Heartbleed. Not to make open source as a whole more sustainable.

Slide 10

Slide 10

Slide 11

Slide 11

🎨 FOCUS Originally aimed at artists, musicians & writers. 🌊 GOAL Create a “meaningful revenue stream.” 🏆 SUCCESS STORY Evan You (pictured), creator of Vue.js. Nets over $17K per month. ❌ REPRODUCIBLE? Not really. Very few devs have a large enough revenue stream to work on OSS full-time.

Slide 12

Slide 12

Slide 13

Slide 13

🏪 GITHUB ISSUE MARKET Allows project owners to add bounties to GitHub issues. Devs submit their work as a pull request. 💰 $500,000 Amount of bounties paid on the platform in 2018. ⛓ BLOCKCHAIN-BASED Developers received bounties in Ether. 🌳 WHOLE ECOSYSTEM GitCoin also provides an ad network (CodeFund), and a Patreon-like solution (Grants).

Slide 14

Slide 14

👩💻 CONTEXTUAL ADS Advertise on the websites of open source projects. 💼 HIRING FOCUS Dedicated solution for hiring developers. 💵 $6K PER MONTH Redistributed to project maintainers out of $10K monthly revenue.

Slide 15

Slide 15

👩💻 CONTEXTUAL ADS Advertise on the websites of open source projects. 💼 HIRING FOCUS Dedicated solution for hiring developers. 💵 $6K PER MONTH Redistributed to project maintainers out of $10K monthly revenue.

Slide 16

Slide 16

👍 ENDORSED BY CODEFUN “They have the same mission, goals, and ethics that we worked hard to achieve.” 📖 ORIGIN STORY Originated as a way to fund sustainable open source development. 🧑💻 DEVELOPER FOCUSED 100% focused on advertising to developers. 📈 1 BILLION Number of ads served since 2016.

Slide 17

Slide 17

Slide 18

Slide 18

🔍 WHAT DOES IT DO? Provides non profit status (501c6) to open source projects & transparency as to how funds are used. 🏆 SUCCESS STORY WebPack reached $400K+ yearly funding in 2018. Win-win situation for key sponsor (Trivago). 🐿 LONG TAIL PROBLEM A few projects are getting most of the funding (>25% of total funds for WebPack in 2017).

Slide 19

Slide 19

Slide 20

Slide 20

Slide 21

Slide 21

🛥 WHAT IS IT? Red Hat business model for the long tail. 🛎 SERVICES Provides security updates, maintenance, and legal assurances for all open source projects in an organization’s stack. 👨💻 HOW? By paying the actual maintainers to do the work. 🏆 SUCCESS STORY None yet. Still too early.

Slide 22

Slide 22

Slide 23

Slide 23

Limitations of addressing open source sustainability through funding alone 📡 DOES IT SCALE? Is the current level of funding realistic compared to open source ubiquity? 💵 IS MONEY EVEN WHAT’S MISSING? Are we trying to solve the right problem? 🔮 IS IT A DESIRABLE OUTCOME? Do we want a future with charity-funded open source developers on one side, and corporate developers writing “glue code” on the other? 💸 WHAT IS THE REAL VALUE OF OPEN SOURCE? Isn’t it time to look beyond the source code?

Slide 24

Slide 24

Limitations of addressing open source sustainability through funding alone 📡 DOES IT SCALE? Is the current level of funding realistic compared to open source ubiquity? 💵 IS MONEY EVEN WHAT’S MISSING? Are we trying to solve the right problem? 🔮 IS IT A DESIRABLE OUTCOME? Do we want a future with charity-funded open source developers on one side, and corporate developers writing “glue code” on the other? 💸 WHAT IS THE REAL VALUE OF OPEN SOURCE? Isn’t it time to look beyond the source code?

Slide 25

Slide 25

$100

Slide 26

Slide 26

$10,000 Monthly revenue of CodeFun.

Slide 27

Slide 27

1 million dollars • • Amount collected by Open Collective in a year. Amount Tidelift committed to pay developers.

Slide 28

Slide 28

Worldwide developer population Non-pro 4.30M Full-time Part-time 11.65M 6.35M : h t a m e p o l e v n e e h t f o k c a b k c i u Q B 0 8 7 $ = K 5 6 $ x s v e d T F M 12 B 0 1 2 $ = K 5 3 $ x s v e d T P M +6 s r a l l o d n o i l l i r t ~= 1 Source: IDC, Worldwide Developer Census, 2018.

Slide 29

Slide 29

1 million dollars • • Amount collected by Open Collective in a year. Amount Tidelift committed to pay developers.

Slide 30

Slide 30

100 million dollars 1 million dollars $10,000

Slide 31

Slide 31

1 billion dollars

Slide 32

Slide 32

10 billion dollars

Slide 33

Slide 33

1 trillion dollars

Slide 34

Slide 34

1 million dollars

Slide 35

Slide 35

Limitations of addressing open source sustainability through funding alone 📡 DOES IT SCALE? Is the current level of funding realistic compared to open source ubiquity? 💵 IS MONEY EVEN WHAT’S MISSING? Are we trying to solve the right problem? 🔮 IS IT A DESIRABLE OUTCOME? Do we want a future with charity-funded open source developers on one side, and corporate developers writing “glue code” on the other? 💸 WHAT IS THE REAL VALUE OF OPEN SOURCE? Isn’t it time to look beyond the source code?

Slide 36

Slide 36

Developers working on the Linux kernel Non employed 7.7% Employed 92.3% Source: Linux Kernel Development report 2016.

Slide 37

Slide 37

Limitations of addressing open source sustainability through funding alone 📡 DOES IT SCALE? Is the current level of funding realistic compared to open source ubiquity? 💵 IS MONEY EVEN WHAT’S MISSING? Are we trying to solve the right problem? 🔮 IS IT A DESIRABLE OUTCOME? Do we want a future with charity-funded open source developers on one side, and corporate developers writing “glue code” on the other? 💸 WHAT IS THE REAL VALUE OF OPEN SOURCE? Isn’t it time to look beyond the source code?

Slide 38

Slide 38

“[P]art of the reason much of open source is so good, and often so superior to closed-source commercial projects, is the natural boundary of constraints. If you are not being paid or otherwise compensated directly for your work, you’re less likely to needlessly embellish it. You’re solving the problems for you and your mates, likely in the simplest way you could, so you can get back to whatever you originally intended to do before starting to shave the yak.” —DHH, The Perils of mixing open source and money, Nov 12, 2013.

Slide 39

Slide 39

Limitations of addressing open source sustainability through funding alone 📡 DOES IT SCALE? Is the current level of funding realistic compared to open source ubiquity? 💵 IS MONEY EVEN WHAT’S MISSING? Are we trying to solve the right problem? 🔮 IS IT A DESIRABLE OUTCOME? Do we want a future with charity-funded open source developers on one side, and corporate developers writing “glue code” on the other? 💸 WHAT IS THE REAL VALUE OF OPEN SOURCE? Isn’t it time to look beyond the source code?

Slide 40

Slide 40

Slide 41

Slide 41

Slide 42

Slide 42

Slide 43

Slide 43

Slide 44

Slide 44

Slide 45

Slide 45

Slide 46

Slide 46

Slide 47

Slide 47

Slide 48

Slide 48

Slide 49

Slide 49

Slide 50

Slide 50

Charity-like funding alone is not the solution. Real way forward is to normalize engineers contributing to open source as part of their day job. How? Make organizations understand the ROI of contributing to open source.

Slide 51

Slide 51

Tobie Langel Principal, UnlockOpen unlockopen.com tobie@unlockopen.com Thank you!